ShinyHunters leaks Sysco data with 2.7 million email addresses after extortion
Food distribution giant Sysco was hit by the extortion group ShinyHunters in a "pay or leak" attack, and after the company did not pay, the stolen data was published. Have I Been Pwned has indexed 2,691,852 unique email addresses belonging to staff and customers, alongside what is described as largely corporate contact information. The breach fits ShinyHunters' sweeping 2026 campaign against large enterprises, which has typically relied on social engineering and compromised SaaS integrations rather than software exploits. Exposed business contact data is useful for convincing, targeted phishing aimed at Sysco's staff, customers, and partners.
- Check
- People and businesses dealing with Sysco should check Have I Been Pwned for affected emails and stay alert to phishing or invoice fraud that references Sysco accounts, orders, or deliveries.
- Affected
- Sysco staff, customers, and partners whose email addresses and corporate contact details were exposed (2,691,852 indexed); the data supports targeted phishing and business email compromise against the food-distribution supply chain.
- Fix
- Treat unexpected Sysco-themed emails with caution, verify payment or account changes through known contacts, enable phishing-resistant MFA, and brief staff and partners on the heightened phishing risk from this exposure.